CVE-2021-41773 II
This challenge covers how to gain code execution by leveraging CVE-2021-41773
This challenge focuses on CVE-2021-41773, a vulnerability in Apache Httpd 2.4.49 that can be used to read local files on the server and execute commands if CGIs are enabled. By leveraging this vulnerability, you can run arbitrary commands using specially crafted CGI requests. The challenge demonstrates how to exploit this issue through SSRF, where the GET parameters become the arguments of the CGI, allowing for the execution of commands.
In the video, we delve into the specifics of gaining code execution by sending crafted requests to the server. We start by trying to access sensitive files like /etc/passwd and then move on to executing commands using the CGI mechanism. The key to solving the challenge is understanding how GET parameters are passed as arguments to the CGI and ensuring the command returns a response that Apache can handle, despite the inherent 500 error issue. By passing the UUID directly as the first parameter, we successfully execute the command and complete the challenge.